And now we've moved the problem from "I used a weak password for $site because I couldn't paste it from my password manager" to "I've got an extension in my browser from some internet random that manipulates every form field including the password field on every webpage I visit"...
(And yeah, the "internet random" here has a github repo with the code, and the file that does this is an easily auditable 16 lines of javascript, so props to him for that. But it's still got the recently exploited attack vector that he or an attacker who takes over his account could push malicious updates to the extension, like the webdev extension from earlier this week...)
I've used this extension before, just a note that it will break legitimate onpaste events, for example websites that let you paste an image in, like Imgur or Twitter
Don't Fuck With Paste: https://chrome.google.com/webstore/detail/dont-fuck-with-pas...